Client authentication during network boot

ABSTRACT

A secure mechanism for performing a network boot sequence and provisioning a remote device may use a private key of a public key/private key encryption mechanism to generate a command by a server and have the command executed by the device. The command may be used to verify the authenticity of the remote device, and may be used to establish ownership of the device. After authenticity and, in some cases ownership is established, bootable software may be downloaded and executed. The remote device may be provisioned with software applications. One mechanism for performing the initial encrypted commands is through a Trusted Platform Module. In many embodiments, the public key for the initial encrypted communication may be provided through a trusted second channel.

BACKGROUND

Network boot is a mechanism where a device, connected to a network, mayconnect to a network server and download software to boot the device. Inmany cases, an operating system may be transmitted across the networkand the device may begin operations through software provided by thenetwork server. The server may provision the device with varioussoftware applications and may enable the device to begin operations.

Network boot techniques may enable a device to be configured andoperated from a remote location. The server that provides the bootablesoftware and operating system may determine the configuration ofexecutable code and may change the applications and settings each timethe device is rebooted.

SUMMARY

A secure mechanism for performing a network boot sequence andprovisioning a remote device may use a private key of a publickey/private key encryption mechanism to generate a command by a serverand have the command executed by the device. The command may be used toverify the authenticity of the remote device, and may be used toestablish ownership of the device. After authenticity and, in some casesownership is established, bootable software may be downloaded andexecuted. The remote device may be provisioned with softwareapplications. One mechanism for performing the initial encryptedcommands is through a Trusted Platform Module. In many embodiments, thepublic key for the initial encrypted communication may be providedthrough a trusted second channel.

This Summary is provided to introduce a selection of concepts in asimplified form that are further described below in the DetailedDescription. This Summary is not intended to identify key features oressential features of the claimed subject matter, nor is it intended tobe used to limit the scope of the claimed subject matter.

BRIEF DESCRIPTION OF THE DRAWINGS

In the drawings,

FIG. 1 is a diagram illustration of an embodiment showing a system fornetwork boot with device authentication.

FIG. 2 is a diagram illustration of an embodiment showing functionalelements of a network boot system.

FIG. 3 is a flowchart illustration of an embodiment showing a method forresponding to a network boot request.

DETAILED DESCRIPTION

A network boot procedure may authenticate a device to a server, and theserver to the device during the startup phase of a boot procedure. Theauthenticated procedure may enable network boot procedures to beperformed with assurance, and may enable trusted network boot proceduresto be performed across an open network such as the Internet.

In a typical use scenario, a device may be manufactured with a TrustedPlatform Module or other component that may have a public/privateencryption key and other security components embedded in the device.When the device is manufactured, the public key associated with thedevice may be stored in a database that is transferred to the owner ofthe device. The owner may cable the device to a network and start thedevice.

When the device first starts, it may be configured to begin a networkboot sequence. As part of the sequence, the device may send a broadcastnetwork request for a server capable of sending bootable code that maybe used to operate the device.

The server may use the public encryption key to encrypt one or morecommands and send the commands to the device. The device may decrypt thecommands, execute the commands, and return a message to the server. Inorder to decrypt the command, the device may use the private encryptionkey. Thus, a response from the command may authenticate the device tothe server. Such an authentication may assure that an interloping deviceis not attempting to improperly obtain software and data from theserver.

Throughout this specification, like reference numbers signify the sameelements throughout the description of the figures.

When elements are referred to as being “connected” or “coupled,” theelements can be directly connected or coupled together or one or moreintervening elements may also be present. In contrast, when elements arereferred to as being “directly connected” or “directly coupled,” thereare no intervening elements present.

The subject matter may be embodied as devices, systems, methods, and/orcomputer program products. Accordingly, some or all of the subjectmatter may be embodied in hardware and/or in software (includingfirmware, resident software, micro-code, state machines, gate arrays,etc.) Furthermore, the subject matter may take the form of a computerprogram product on a computer-usable or computer-readable storage mediumhaving computer-usable or computer-readable program code embodied in themedium for use by or in connection with an instruction execution system.In the context of this document, a computer-usable or computer-readablemedium may be any medium that can contain, store, communicate,propagate, or transport the program for use by or in connection with theinstruction execution system, apparatus, or device.

The computer-usable or computer-readable medium may be, for example butnot limited to, an electronic, magnetic, optical, electromagnetic,infrared, or semiconductor system, apparatus, device, or propagationmedium. By way of example, and not limitation, computer readable mediamay comprise computer storage media and communication media.

Computer storage media includes volatile and nonvolatile, removable andnon-removable media implemented in any method or technology for storageof information such as computer readable instructions, data structures,program modules or other data. Computer storage media includes, but isnot limited to, RAM, ROM, EEPROM, flash memory or other memorytechnology, CD-ROM, digital versatile disks (DVD) or other opticalstorage, magnetic cassettes, magnetic tape, magnetic disk storage orother magnetic storage devices, or any other medium which can be used tostore the desired information and which can accessed by an instructionexecution system. Note that the computer-usable or computer-readablemedium could be paper or another suitable medium upon which the programis printed, as the program can be electronically captured, via, forinstance, optical scanning of the paper or other medium, then compiled,interpreted, of otherwise processed in a suitable manner, if necessary,and then stored in a computer memory.

Communication media typically embodies computer readable instructions,data structures, program modules or other data in a modulated datasignal such as a carrier wave or other transport mechanism and includesany information delivery media. The term “modulated data signal” means asignal that has one or more of its characteristics set or changed insuch a manner as to encode information in the signal. By way of example,and not limitation, communication media includes wired media such as awired network or direct-wired connection, and wireless media such asacoustic, RF, infrared and other wireless media. Combinations of the anyof the above should also be included within the scope of computerreadable media.

When the subject matter is embodied in the general context ofcomputer-executable instructions, the embodiment may comprise programmodules, executed by one or more systems, computers, or other devices.Generally, program modules include routines, programs, objects,components, data structures, etc. that perform particular tasks orimplement particular abstract data types. Typically, the functionalityof the program modules may be combined or distributed as desired invarious embodiments.

FIG. 1 is a diagram of an embodiment 100 showing a system with networkboot with device authentication. Embodiment 100 is a simplified exampleof a device that may perform a network boot sequence where the device isauthenticated to a network boot server. The network boot server may usea public encryption key to encrypt various commands at the beginning ofa network boot interaction, and when the device successfully decryptsand executes the commands, the device is authenticated to the networkboot server.

The diagram of FIG. 1 illustrates functional components of a system. Insome cases, the component may be a hardware component, a softwarecomponent, or a combination of hardware and software. Some of thecomponents may be application level software, while other components maybe operating system level components. In some cases, the connection ofone component to another may be a close connection where two or morecomponents are operating on a single hardware platform. In other cases,the connections may be made over network connections spanning longdistances. Each embodiment may use different hardware, software, andinterconnection architectures to achieve the functions described.

Embodiment 100 is a simplified example of a system where network bootrequests may be authenticated for a requesting device. Such a system maybe useful in a data center situation where many devices, such as bladeservers or other rack mounted servers are installed and operated enmasse. In many data centers, many tens, hundreds, or even thousands ofdevices may be installed and operated. Prior to operating each of thedevices, the devices may be loaded with an operating system and variousapplications.

When high volumes of devices are to be installed and configured, anetwork boot sequence may be used to boot a device over a network from anetwork boot server. The device being installed may initiate a networkboot request that may be received by a network boot server. The networkboot server may use a public encryption key previously stored on theserver to encrypt a message or command for the device. The device,having the matching private encryption key to the public encryption key,may decrypt the command and execute the command. Since only the devicewith the private encryption key may successfully decrypt the command, acorrect and cryptographically verifiable response from the command mayauthenticate the device to the server.

Authenticating the network boot device may provide protection against aninterloper device. If an unauthorized or interloping device werepermitted to boot using the network boot server, the unauthorized devicemay obtain licensed software in the form of operating systems andapplications, as well as operate on the network and potentially receivedata that may be sensitive, classified, or otherwise controlled.

In a scenario with a malicious interloper, the malicious device may poseas a normal device on the network, receive licensed software or othercontrolled data, and then be disconnected. The malicious device may thenbe analyzed offline to recover the data and other software.

Another scenario may be where devices may be installed improperly,located at the wrong facility, or may be improperly configured for aspecific task. By causing each device to be authenticated, the propersoftware configurations may be performed in accordance with aconfiguration management database that may be used to administer thedevices.

One more use scenario may be where the security of software and data onthe network may be paramount. However, the devices may be installed andcabled to the network using a third party contractor or other workerswho may not have authorization to access the data. The unauthorizedworkers may perform the physical installation of the devices to thenetwork, but the network boot mechanism may ensure that the installationworkers cannot access the controlled data maliciously or by mistake.

The authentication mechanism starts with the manufacturing process 102.In the manufacturing process 102, a device 104 may be created with aninternal security device 106. In embodiments using current technology,the security device 106 may be a Trusted Platform Module.

A Trusted Platform Module offers various mechanisms for securegeneration of cryptographic keys, the ability to limit the use ofcryptographic keys, as well as a hardware random number generator. ATrusted Platform Module may also include capabilities such as remoteattestation and sealed storage. Remote attestation creates a nearlyunforgeable hash key summary of the hardware and software associatedwith the device. To what extent the software is being summarized isdecided by the software that is encrypting the data. Such a system mayallow a third party to verify that the software has not been changed.Sealing is a mechanism that may encrypt data in such a way that it maybe decrypted only if the TPM releases the right decryption key, which itonly does if the exact same software is present as when it encrypted thedata. Binding may encrypt data using the TPM's endorsement key or publicencryption key, which may be a unique set of public/private encryptionkeys burned into the TPM device during its production.

A Trusted Platform Module can be used to authenticate hardware devices.Each TPM chip may have a unique and secret RSA key burned in during theproduction, and the TPM chip may be capable of performing platformauthentication.

Other embodiments may use different mechanisms for authentication.Trusted Platform Modules is but one mechanism by which a public key andprivate key encryption system may be embedded in a device and used forauthentication during a network boot process.

When the device 104 is constructed or configured, a bill of materials108 may also be created. The bill of materials 108 may include variousdata related to the device 104, such as the hardware configuration 110,a public encryption key 112, a Media Access Control (MAC) address 114, aserial number 116, and other identification or descriptive information.The bill of materials 108 may be used for several other applications,such as a configuration management database application that may be usedfor monitoring and controlling several devices.

The hardware configuration 110 may be a description of the varioushardware components that make up the device 104. For example, hardwareconfiguration 110 may include a description of the type of processor,amount of random access memory, various busses, number and capacity ofdisk drives, and various peripheral devices.

The public encryption key 112 may be the public encryption key from thepublic/private encryption key pair stored in a Trusted Platform Moduleor another component within the device 104.

The MAC address 114 may be an address associated with a networkinterface card or other component within the device 104. The MAC address114 may be used to identify the device 104 on a network. A serial number116 may be any other identifier that may be associated with the device104. The serial number 116 may be a processor serial number or someother unique identification that is associated with the device 104. Insome instances, a Globally Unique Identification (GUID) associated withthe device or a component attached to the device may be used as anidentifier.

The device 104 may be installed into a data center 118 or some otherphysical installation using a first distribution channel 117.

The bill of materials 108 may be installed into a configuration database120 through a second distribution channel 119.

The first distribution channel 117 may be a normal channel used forpurchasing, shipping, and installing the device 104 into the place wherethe device 104 is to be used. In the example of embodiment 100, thedevice 104 may be installed in a data center 118. In other embodiments,a device such as a desktop or laptop computer may be installed in acompany or enterprise in various locations. A desktop computer may beinstalled in a user's office, for example.

The device 104 may be any type of network connected device. In someembodiments, the device 104 may be a set top box for connecting to acable television or satellite television distribution network. In otherdevices, the device 104 may be a wireless device such as a mobiletelephone or personal digital assistant.

The second distribution channel 119 may be a different and trusteddistribution channel for the bill of materials 108. The seconddistribution channel 119 may be a physical distribution channel such asa currier or delivery where the bill of materials 108 may be deliveredon a DVD or other computer readable medium. In some cases, the seconddistribution channel may be a delivery on paper or other human readablemedium. In many cases, the second distribution channel 119 may be anetwork connection where the bill of materials 108 may be transmitted toa customer location using messaging, email, or some other electronicformat. In some cases, such communication may be encrypted andauthenticated using one-way or two-way authentication.

When the device 104 is installed in the data center 118, the device 104may initiate a network boot sequence across the network 122 to a networkboot server 124. The network boot server 124 may receive a request thatmay include an identifier such as a MAC address, Internet Protocol (IP)address, or some other identifier. Using the configuration server 126,the public encryption key 112 may be retrieved for the device 104through the configuration database 120.

The public encryption key 112 may be used to encrypt data or commands tosend to the device 104 so that only the device 104 may be able todecrypt and operate on the encrypted message.

By encrypting a command and transmitting the command to the device 104in response to a network boot request, the network boot server 124 mayauthenticate the device 104 when the device 104 successfully decrypts,executes, and responds to the command. The command does not have to bean explicit command to authenticate, but merely any command that elicitsa response, when encrypted using the public encryption key andtransmitted to the device 104 may serve to authenticate the device.

Once the device is authenticated, the network boot server 124 mayinterface with a network resource server 128 and provisioning server 130to download an appropriate set of bootable executable code, as well asan operating system and other applications.

The authentication of the device 104 to the network boot server 124 maybe assured by the use of the public encryption key 112. Theauthentication of the network boot server 124 to the device 104 may beassured by the security of the second distribution channel 119. When thesecond distribution channel 119 is secure, the device 104 may not beconnected to an improper or malicious network boot server.

In many embodiments, the security device 106 within the device 104 mayhave an ownership function. The ownership function may define whichservers are permitted to perform various functions on the device 104,and such functions may include serving a network boot request. Ownershipmay be established and queried through various commands that may betransmitted to the device 104 and executed by the security device 106.

When a brand new device 104 is installed and turned on for the firsttime, there may be no ownership defined for the device. During aninitial network boot sequence, the network boot server 124 may query theownership and establish the network boot server 124 as having ownershipof the device 104. The ownership designation may prevent other devicesfrom accessing specific functions and, in some cases, may disable otherdevices from being able to perform network boot sequences with thedevice 104.

In many enterprise embodiments where hundreds or even thousands ofdevices may be managed, various administrative servers may be used tomanage the devices. A configuration server may manage a configurationmanagement database (CMDB) or other repositories may contain metadatarelated to various components in an information system. In manyembodiments, the information within the configuration managementdatabase may be used to deploy and configure devices within a network.The configuration server 126 may also have various agents, crawlers, orother mechanisms for discovering devices and configuration of devices ona network and keeping the database up to date.

In many embodiments, the configuration database 120 may containtechnical information relating to the various devices. Such informationmay include hardware and software configuration descriptions. Theconfiguration database 120 may also include ownership and relationshipinformation for various devices. In many embodiments, complexrelationships may exist across networks between devices and suchrelationships may be captured and managed using the configurationdatabase 120.

The network resource server 128 may serve to authenticate devices andauthorize various functions of the devices. In many embodiments, thenetwork resource server 128 may define policies that are distributedacross groups and devices on a network to control the behavior of thedevices.

The provisioning server 130 may contain a repository of operatingsystems, applications, and other components that may be downloaded andinstalled by the network boot server 124.

In some embodiments, the functions of the configuration server 126,network resource server 128, and provisioning server 130 may be combinedinto one server, or may be functions that represent several differentservers.

FIG. 2 is a diagram of an embodiment 200 showing functional componentsof a system with network boot with device authentication. Embodiment 200is a simplified example of functional elements that may perform anetwork boot sequence where the device is authenticated to a networkboot server.

The diagram of FIG. 2 illustrates functional components of a system. Insome cases, the component may be a hardware component, a softwarecomponent, or a combination of hardware and software. Some of thecomponents may be application level software, while other components maybe operating system level components. In some cases, the connection ofone component to another may be a close connection where two or morecomponents are operating on a single hardware platform. In other cases,the connections may be made over network connections spanning longdistances. Each embodiment may use different hardware, software, andinterconnection architectures to achieve the functions described.

Embodiment 200 illustrates functional components that may be used toperform a network boot sequence of a device 202 with a network bootserver 204 over a network. The device 202 may be any type of device thatmay use software to perform its functions. In a datacenter environment,the device 202 may be one server device that is installed in a largerack of servers, such as a blade server. Such a server may be one ofhundreds or thousands within a datacenter, and network boot techniquesmay be used to provision and manage the servers.

In another example, the device 202 may be a set top box that is attachedto a cable television or satellite television distribution network. Instill another example, the device 202 may be a network routing device,wireless access point, or other component used within a network or at anetwork edge. In yet another example, the device 202 may be a wirelessdevice such as a mobile phone, portable personal digital assistant,handheld data collection device, or any other device that operates usingsoftware.

The network 206 may be any type of communications network. In adatacenter or corporate computing network, a typical network may be anEthernet based hardwired network. A DOCSIS based cable televisionnetwork or satellite network may have relatively fast download speedscompared to upload speeds. Wireless networks use various technologiesfor network communication, including cellular telephony, point tomultipoint fixed wireless, mesh networks, or other technologies. Eachnetwork may have different capacities, features, and othercharacteristics.

In some embodiments, a network may be a multi-modal. For example, adevice using a satellite distribution network may use a satelliteconnection for downstream or incoming data while a telephone modemconnection or hardwired Internet connection may be used for outgoing orupstream data.

Because authentication may be used during the network boot process, someembodiments may use portions of the Internet or other open or unsecurednetwork to communicate. In an enterprise network, the devices on thenetwork may have at least a low level of trust, as physical access tothe network may be controlled. However, some networks may be at leastpartially exposed to the Internet and may be susceptible to interlopersor devices masquerading as either the device 202 or the network bootserver 204. Using network boot techniques with the authenticationmechanisms described herein may enable network boot technologies to beapplied in many cases where unsecured network boot may pose a securityrisk.

For example, a new cellular phone may be connected to a cellulartelephone network and may perform a network boot request over thecellular telephone network. In some cases, a new cellular phone may beconnected to personal computer and may be provisioned through thecomputer, where the personal computer acts as a server to the cellularphone, and may communicate through the Internet to a remote provisioningserver. The authenticity of the cellular phone may be assured by using asecurity device and the embedded private encryption key embedded in thephone.

The network boot server 204 may be a server device connected to thenetwork 206 and in communication with the device 202. In someembodiments, the network boot server 204 may perform many or all of thefunctions for responding to a network boot request, includingprovisioning the device 202. In other embodiments, a network bootrequest may be captured by one server and redirected to the network bootserver 204. Such capturing and routing architectures may be used forload balancing or for directing a request to a network boot server withthe appropriate capabilities to handle the request.

The device 202 may contain a network boot communicator 208 that maycreate an initial network boot request that may contain an identifier210. The network boot request may be one of the initial actions that areperformed by the device 202 when the device 202 is turned on. Thenetwork boot request may include a broadcast transmission over thenetwork 206 that may start an interaction with the network boot server204.

In some embodiments, the network boot request may be broadcast to findany server capable of providing a network boot service. Such anembodiment may be useful in a corporate network where several networkboot servers are present and generally trusted.

In other embodiments, the device 202 may be configured to transmit anetwork boot request to a specific address on the network 206 to findthe network boot server 204. In some cases, the specific address may beto a distribution server that may redirect the network boot request tothe network boot server 204.

The identifier 210 may be any descriptor or other unique identifier forthe device 202. The identifier may be a Media Access Control (MAC)address, embedded serial number, Globally Unique Identification (GUID),or some other identification.

In some cases, the identification may be an Internet Protocol (IP)address. In many cases, an IP address may be assigned to a specificphysical connection to a network or assigned through DHCP or otheraddress allocation technologies when the device 202 establishes anetwork presence, but the IP address may or may not be embedded withinthe device 202 itself. The IP address may serve as an identifier in somecases.

In many embodiments, a MAC address is an identifier that is burned intoa read only memory of a network interface card. However, MAC addressesmay be spoofed in some devices, which may enable a malicious orunauthorized device to pose as the intended device. Similarly, anydevice connected to a network may be assigned an IP address.

Because the network boot server 204 may use an encrypted command thatmay be decrypted only by the true device associated with the MACaddress, IP address, or other identifier, the network boot server 204may authenticate the device 202 prior to responding to the network bootrequest.

It is not uncommon for network administrators to use MAC spoofing toattempt to masquerade one device in place of another. For example, whena device fails and is replaced with another device, a shortcut may be touse the same MAC address as the first device so that networkcommunications that use the MAC address will continue as previously.Such practices are generally not advised as configuration managementsystems and other management tools can be confused and renderedineffective.

When a network boot request may be received by a network interface 212on the network boot server 204. The network interface 212 may be anytype of connection to the network 206. Some instances of a networkinterface 212 may include different physical connections along withvarious protocol translators and other software or firmware processingcomponents.

A pre-boot communications engine 214 may process various communicationswith the device 202 during the course of a pre-boot sequence and, insome cases, during the provisioning of the device 202. The pre-bootcommunication engine 214 may be a software service, hardware component,firmware device, or any other physical or computing mechanism forperforming the functions described.

The pre-boot communications engine 214 may use the identifier 210 tocontact a configuration server 218, which may refer to a configurationdatabase 220, to receive a public encryption key. The public encryptionkey may be used to encrypt a command sequence 222 using an encryptionmechanism 224, and the encrypted command may be transmitted to thedevice 202.

The public encryption key may be stored in the configuration database220. In many embodiments, the public encryption key may be stored in theconfiguration database through a bill of materials that may be createdwhen the device 202 was manufactured. In some cases, a reseller, systemsintegrator, or a third party may determine the public encryption key forthe device 202 and transmit the public encryption key along with anidentifier to the configuration database 220.

The configuration server 218 may be a server or service that may monitorvarious devices on the network 206. In an enterprise managementsituation, the configuration server 218 may keep track of the status andperformance of devices attached to the network 206 and may, in someinstances, perform various management operations. For example, theconfiguration server 218 may contain a record in the configurationdatabase 220 that defines how the device 202 is to be configured,including the operating system and any applications that execute on thedevice 202.

The network resource server 216 may provide authentication andauthorization for the device 202. The network resource server 216 mayhave a record associated with the device 202 such as a group or othermanagement object to which the device 202 may belong. The networkresource server 216 may, in some cases, define various policies that maydetermine how an operating system and various applications may performon the device 202.

When the device 202 is installed or otherwise joined to the network 206,a record for the device may be created in the configuration database 220and sometimes with the network resource server 216. These records maydetermine how the device 202 is to be configured and how the device maybehave. In order for the authentication mechanisms to operate, thepublic encryption key may be installed in the configuration database 220prior to the network boot request from the device 202. In cases where adevice 202 does not have a record in the configuration database 220 oris not defined in the network resource server 216, the device 202 may beplaced in a waiting state until such time as the records in theconfiguration database 220 and network resource server 216 are updated.

The public encryption key may be used to authenticate the device 202. Anencrypted command may be transmitted across the network 206 to thedevice 202. The network boot communicator 208 may receive the encryptedcommand, transfer the command to a security device 226 that may use aprivate encryption key 228 to decrypt the command. The command maygenerate a response to the network boot server 204 and thus mayauthenticate the device 202 to the network boot server 204.

The security device 226 may be a Trusted Platform Module in someembodiments. In other embodiments, the security device 226 may contain aunique private encryption key 228 and be configured to decrypt acommunication with the network boot server 204 prior to receivingbootable executable instructions.

In some embodiments, the security device 226 may have an ownershipstatus 230 that may be set by a network boot server 204 or other device.The ownership status 230 may define a device or group of devices thathave authority to perform various operations, including serving bootablecode and modifying various settings within the device 202.

Among the initial encrypted commands that may be transmitted from thenetwork boot server 204 to the device 202 may be a query as to theownership status 230 and, in some cases, a command to set the ownershipstatus 230 to be the network boot server 204.

When an ownership status 230 is set to another device, the ownershipstatus 230 may include an authentication mechanism through which theother device may be positively authenticated to the device 202. In somecases, such an authentication mechanism may include an identifier, apublic encryption key, a Globally Unique Identification (GUID) or someother mechanism.

After authenticating the device 202 to the network boot server 204, thenetwork boot server 204 may serve boot code 234 and an operating system236 to the device 202. The boot code 234 may be the initial executableinstructions that may be executed by the device 202 to start up thedevice 202 and begin loading the operating system 236. Once theoperating system 236 has been loaded and begins communication throughthe network 206, various applications 240 may be loaded onto the device202 and executed. One or more provisioning servers 238 may provide theoperating system 236 and applications 240.

In one example using current technology, the device 202 may generate arequest using a Preboot eXecution Environment (PXE) boot request. A PXEboot request may comprise a firmware action that attempts to locate aPXE redirection service, such as Proxy DHCP, in order to receiveinformation about available PXE servers. After parsing the answer, thefirmware may ask an appropriate boot server for a Network BootstrapProgram (NBP).

Following the example, the network boot communicator 208 may use PXEcompliant communication protocols. The pre-boot communication engine 214may generate a Network Bootstrap Program using the command sequences 222and the encryption mechanism 224 to create and transmit commands to thedevice 202. After one or more interactions, a Network Bootstrap Programmay be created that directs the device 202 to communicate with aprovisioning server 238 to download and execute the boot code 234,operating system 236, and applications 240.

In such an example, the NBP protocol may be used to communicate with thedevice 202 in the PXE mode to access the Trusted Platform Module orother security device 226 to establish authenticity prior totransmitting licensed software or other data to the device 202.

FIG. 3 is a flowchart illustration of an embodiment 300 showing a methodfor responding to a network boot request. Embodiment 300 is a simplifiedexample of a sequence that may be used by a network boot server toauthenticate a requesting device and serve bootable instructions,operating systems, and applications to the device.

Other embodiments may use different sequencing, additional or fewersteps, and different nomenclature or terminology to accomplish similarfunctions. In some embodiments, various operations or set of operationsmay be performed in parallel with other operations, either in asynchronous or asynchronous manner. The steps selected here were chosento illustrate some principles of operations in a simplified form.

Embodiment 300 is an example of several of the processes and proceduresdiscussed throughout this specification for handling a network bootrequest, performing various authentication actions, and serving thenetwork boot request after authentication is proper. Embodiment 300 usesan encrypted ownership command to determine if the device isauthenticated. Other embodiments may use different commands or performdifferent sequences, but may use a response from an encrypted command toverify that the device is authentic since only the device may be capableof decrypting a command that was encrypted using the correspondingpublic encryption key.

A network boot request may be received in block 302, and an identifierfor the device may be received in block 304. In many cases, the requestand identifier may be accompanied in a single transmission. In othercases, two or more transmissions may be used to communicate the requestand identifier.

Using the identifier, a public encryption key may be looked up for thedevice in block 306. In many cases, a configuration database or othermechanism may be used to store a record of the public encryption keyassociated with identifiers for various devices. In some cases, thedatabase may include the identifier received from the device, while inother cases the identifier in the database may be derived from anotherdatabase, lookup table, or record.

The public encryption key may be used to encrypt an ownership query inblock 308 and may be transmitted to the device in block 310.

If no response is received in block 312, the device may not beauthenticated in block 314, as the device may not have been able todecrypt and act on the query of block 308. In such a case, the processmay be halted in block 316.

If a response is received in block 312 and the device is not owned bythe server in block 318, a take ownership command may be created inblock 320, encrypted in block 322, and transmitted in block 324. In manycases, the take ownership command may include an authenticationmechanism for the server executing the method of embodiment 300.

If the device were executing its first network boot request, theownership of the device may be undefined. If the device were relocatedfrom another location or previously used in another installation, theownership may be set to a different server. In either case, the takeownership command may enable the server executing embodiment 300 toestablish a trusted and authenticated session for the current use andsubsequent uses of a network boot request.

In block 326, authentication may be transmitted to the device and thedevice may be caused to verify a message signature or otherauthentication in block 328. Such authentication may function to assertownership privileges with the device and enable the network boot processto continue.

In some embodiments, the server may be authenticated to the device byusing the server's public encryption key to generate a response. Theserver may decrypt the message and respond, thus authenticating theserver to the device.

The bootable executable code may be transmitted in block 330, afterwhich an operating system may be transmitted in block 332, and variousapplications may be transmitted in block 334, thus satisfying thenetwork boot request.

In many embodiments, a device may use a network boot request for theinitial provisioning and configuration of the device. The operatingsystem and applications may be stored locally and may be executed fromthe local store in subsequent uses of the device. In other embodiments,the device may perform a network boot request for each time the deviceis powered on and connects to the network.

In an embodiment using current technology, the request in block 302 maybe a PXE request that is directed to the server performing the method ofembodiment 300. The ownership commands that are created in blocks 308and 320 may be NBP sequences that may be evaluated with a TrustedPlatform Module.

The foregoing description of the subject matter has been presented forpurposes of illustration and description. It is not intended to beexhaustive or to limit the subject matter to the precise form disclosed,and other modifications and variations may be possible in light of theabove teachings. The embodiment was chosen and described in order tobest explain the principles of the invention and its practicalapplication to thereby enable others skilled in the art to best utilizethe invention in various embodiments and various modifications as aresuited to the particular use contemplated. It is intended that theappended claims be construed to include other alternative embodimentsexcept insofar as limited by the prior art.

What is claimed is:
 1. At a network boot server, a method for securelybooting a device over a network, the method comprising: receiving apublic encryption key for a remote device; receiving a network bootrequest from said remote device; encrypting an ownership command usingsaid public encryption key to create an encrypted ownership command,said ownership command establishing the network boot server as havingownership of the remote device so as to prevent other devices from beingable to perform network boot sequences with the remote device, thepublic encryption key included in a public-private key pair;participating in a two-way authentication exchange with said remotedevice, including: transmitting said encrypted ownership command to saidremote device; receiving a response from said remote device, theresponse indicative of: said remote device having decrypted saidencrypted ownership command using a private encryption key, said privateencryption key included in said public-private key pair; and said remotedevice having at least attempted to perform said ownership command; andtransmitting, boot software to said remote device subsequent toparticipating in said two-way authentication exchange, the boot softwarefor execution at said remote device to start up said remote device. 2.The method of claim 1, said public encryption key being received througha first channel, said network boot request being received through asecond channel.
 3. The method of claim 1, said public encryption keybeing received along with an identifier for said remote device.
 4. Themethod of claim 3, said identifier comprising at least one of a groupcomposed of: a MAC address; a network address; a serial number; and aGUID.
 5. The method of claim 1 further comprising: provisioning saidremote device.
 6. The method of claim 1 further comprising: transmittingowner authentication information to said remote device.
 7. A systemcomprising: a database comprising at least one identifier for a remotedevice and a public encryption key associated with said remote device; anetwork interface; a pre-boot communications engine configured toreceive a network boot request and said at least one identifier fromsaid remote device and establish communications with said remote devicethrough said network interface; a command sequence comprising anownership command for said remote device, said ownership commandestablishing a network boot server as having ownership of the remotedevice so as to prevent other devices from being able to perform networkboot sequences with the remote device; an encryption mechanismconfigured to use said public encryption key to generate an encryptedownership command; and said pre-boot communications engine configured toparticipate in a two-way authentication exchange with said remotedevice, including: transmit said encrypted ownership command to saidremote device using a pre-boot communications service; receive aresponse from said remote device based on said command sequence, theresponse indicative of: said remote device having decrypted saidencrypted ownership command using a matching private encryption key; andsaid remote device having at least attempted to perform said ownershipcommand; and wherein said pre-boot communications are configured to beperformed prior to booting said remote device and said remote device isconfigured to be authenticated prior to downloading bootable software.8. The system of claim 7 further comprising: a boot sequence configuredto be executed by said remote device, said communications engine beingfurther configured to transmit said boot sequence to said remote device.9. The system of claim 7 further comprising: at least one executableapplication configured to be executed by said remote device, saidcommunications engine being further configured to transmit said at leastone executable application to said remote device.
 10. The system ofclaim 7, said command sequence comprising at least one authenticationidentification for said system.
 11. The system of claim 7, a bootsequence comprising an operating system for said remote device.
 12. Thesystem of claim 7, said database being populated through a secondchannel, said pre-boot communications service comprising a firstchannel.
 13. The system of claim 7, said database being a configurationmanagement database.
 14. The system of claim 7 further comprising: asecond database defining provisioning information for said remotedevice; a group of applications configured to be executed by said remotedevice; said communications engine being further configured to transmitat least a portion of said group of applications based on said seconddatabase.
 15. A computer program product for use at a computer system,the computer program product for implementing a method for securelybooting a device over a network, the computer program product comprisingone or more computer storage devices having stored thereoncomputer-executable instructions that, when executed at a processor,cause the computer system readable to perform the method, including thefollowing: receive a network boot request from a remote device, saidnetwork boot request comprising an identifier for said remote device,and said network boot request being a Preboot eXecution Environment(PXE) request; look up said identifier in a database to receive a publicencryption key for said remote device, said identifier being receivedinto said database through a secondary channel; encrypt an ownershipcommand for a Trusted Platform Module associated with said remote deviceto create an encrypted ownership command, said encrypting beingperformed with said public encryption key, said ownership commandestablishing a network boot server as having ownership of the remotedevice so as to prevent other devices from being able to perform networkboot sequences with the remote device, the public encryption keyincluded in a public-private key pair; participate in a two-wayauthentication exchange with said remote device, including: transmitsaid encrypted command to said remote device; and receive a responsefrom said remote device based on said ownership command, the responseindicative of: said remote device having decrypted said encryptedownership command using a private encryption key, said privateencryption key included in said public-private key pair; and said remotedevice having at least attempted to perform said ownership command; andtransmit boot software to said remote device subsequent to participatingin said two-way authentication exchange, the boot software for executionat said remote device to start up said remote device.
 16. The computerprogram product of claim 15, further comprising computer-executableinstructions that, when executed, cause the computer system to: decryptsaid response using said public encryption key.